On that blog, FireEye called the flaw "a significant zero day" and said that the current exploits rely in part on the presence of Adobe Flash Player. "Disabling the Flash plug-in within IE will prevent the exploit from functioning," FireEye wrote.
FireEye said the hacker group behind the IE exploit is a sophisticated gang that has launched browser-based attacks in the past.
"The APT [advanced persistent threat] group responsible for this exploit has been the first group to have access to a select number of browser-based 0-day exploits (e.g. IE, Firefox, and Flash) in the past," Firefox claimed. "They are extremely proficient at lateral movement and are difficult to track, as they typically do not reuse command and control infrastructure."
Sign up for Computerworld eNewsletters.